Tag

Bug Bounty

All articles tagged with #bug bounty

AI-Fueled Bug Hunt Redraws the Security Patch Landscape
security · 1 day ago

AI agents are increasingly finding software flaws and crafting exploits autonomously, upending bug-bounty economics: researchers log far more discoveries and attackers speed up exploit development. Major programs are trimming or shifting payouts (curl's bounty ended; Google adjusted Chrome and Android rewards), and experts warn that faster zero-days and compressed disclosure windows will pressure vendors to patch more quickly. The trend, including industry calls for structural defenses and architecture changes, points to a future where human-led bug hunting remains essential but must be complemented by infrastructure that makes whole classes of bugs irrelevant.

Google boosts Android/Chrome bug-bounty rewards to as high as $1.5M
technology · 20 days ago

Google has overhauled its Android and Chrome vulnerability reward programs, raising the top Android payout to $1.5 million for a zero-click full-chain exploit on a Pixel with the Titan M2 security chip (up to $750,000 for non-persistent variants) and offering up to $250,000 for Chrome full-chain exploits plus a $250,128 bonus for exploits that defeat MiraclePtr-protected allocations. The changes ask for concise proofs of exploitability rather than lengthy write-ups, and narrow Android's Linux kernel scope to vulnerabilities in Google components unless researchers demonstrate exploitability on a device. The revamp follows a record 2025 in which $17.1 million was paid to 747 researchers, bringing total payouts since 2010 past $81.6 million; 2026 totals are expected to rise despite some reductions.

GitHub patches critical AI-discovered RCE in under six hours
technology · 27 days ago

Wiz Research used AI to find a critical remote-code-execution vulnerability in GitHub's internal git infrastructure. GitHub's security team reproduced the issue within 40 minutes, developed a fix, and deployed it to github.com and GitHub Enterprise Server within about six hours. No evidence of exploitation was found. The flaw was described as remarkably easy to exploit, underscoring the value of rapid response; the disclosure follows recent outages and reliability concerns at GitHub.

DJI Shells Out $30K for Romo Hack Discovery, Promises Faster Security Upgrades
technology · 2 months ago

DJI will pay security researcher Sammy Azdoufal $30,000 for discovering vulnerabilities in the Romo robot vacuum's networking, including one that let the camera's video feed be viewed without a PIN. The company says it has already fixed that vulnerability and will roll out further upgrades within a month, while continuing security testing, third-party audits, and new ways for researchers to collaborate.

AI Slop Sinks cURL Bug Bounties, Stenberg Says
technology · 4 months ago

Daniel Stenberg, lead developer of cURL, is ending the project's bug bounty program at the end of January because of a flood of low-quality AI-assisted submissions he calls "AI slop." While AI can aid bug discovery, the volume and poor quality of the reports have overwhelmed maintainers; genuine issues are still welcome, subject to strict rules on AI use.

Curl ends bug-bounty program as AI-generated noise overwhelms maintainers
technology · 4 months ago

The open-source tool curl is scrapping its vulnerability bounty program after a surge of low-quality, AI-generated submissions; founder Daniel Stenberg says the team needs to protect its mental health. The move, effective at the end of the month, aims to stop AI "slop" from flooding the report queue and distracting from real issues, though critics fear it will reduce essential security disclosures.

AI Slop Threatens Open-Source and Security Bounties
technology · 10 months ago

Low-quality AI-generated reports, known as AI slop, are flooding bug bounty programs, producing false positives and wasting triage resources. Experts suggest investing in AI-assisted filtering to improve report accuracy, and some companies are building hybrid human-AI triage pipelines. The problem highlights the risk of AI hallucinations inside critical security processes.

Meta Resolves Bug Risking User AI Content Privacy
technology · 10 months ago

Meta fixed a security vulnerability that could have let users read other users' AI prompts and responses. The bug was privately disclosed by security researcher Sandeep Hodkasia, who received a $10,000 bounty. The flaw involved predictable prompt identifiers that could be altered to fetch another user's private data, a classic object-level authorization failure; Meta confirmed it was fixed in January with no evidence of exploitation.
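The bug class described above, as an added illustration that is not Meta's code and not taken from the disclosure: a prompt store that hands out sequential identifiers and a handler that trusts the identifier without checking ownership, next to the fixed handler. The `PromptStore`, `Prompt`, user names and prompt texts are constructed for the example; the point is that the fix is the object-level authorization check, with unguessable IDs as defense in depth only.

```python
"""Object-level authorization (IDOR) example: predictable prompt IDs plus a
missing ownership check let one user read another's AI prompts.
Constructed illustration; not Meta's code."""
import secrets
from dataclasses import dataclass


@dataclass
class Prompt:
    prompt_id: str
    owner: str
    text: str
    response: str


class PromptStore:
    def __init__(self):
        self._by_id = {}
        self._counter = 0

    def add_sequential(self, owner, text, response):
        # Predictable identifier: the next integer. A user who knows their own
        # ID can trivially guess the neighbours.
        self._counter += 1
        pid = str(self._counter)
        self._by_id[pid] = Prompt(pid, owner, text, response)
        return pid

    def add_random(self, owner, text, response):
        # Unguessable identifier (128 bits). Defense in depth only: the
        # ownership check below is still required.
        pid = secrets.token_urlsafe(16)
        self._by_id[pid] = Prompt(pid, owner, text, response)
        return pid

    def get_vulnerable(self, requesting_user, pid):
        # VULNERABLE: trusts the ID alone and never compares owner to requester.
        prompt = self._by_id.get(pid)
        if prompt is None:
            raise KeyError("not found")
        return prompt

    def get_fixed(self, requesting_user, pid):
        # FIXED: object-level authorization. Missing and foreign objects get the
        # same error so the response does not leak whether an ID exists.
        prompt = self._by_id.get(pid)
        if prompt is None or prompt.owner != requesting_user:
            raise PermissionError("not found")
        return prompt


def enumerate_neighbours(store, attacker, own_pid, fetch, span=5):
    """Simulate the attack: starting from the attacker's own numeric ID, try
    the adjacent IDs and collect any prompt that belongs to someone else."""
    leaked = []
    base = int(own_pid)
    for candidate in range(max(1, base - span), base + span + 1):
        try:
            p = fetch(attacker, str(candidate))
        except (KeyError, PermissionError):
            continue
        if p.owner != attacker:
            leaked.append((p.prompt_id, p.owner, p.text))
    return leaked


def demo():
    """Return (leaked via vulnerable handler, leaked via fixed handler)."""
    store = PromptStore()
    # Constructed sample data: one victim prompt, then the attacker's own.
    store.add_sequential("alice", "draft my resignation letter", "Dear ...")
    attacker_pid = store.add_sequential("mallory", "hello", "Hi!")
    before = enumerate_neighbours(store, "mallory", attacker_pid, store.get_vulnerable)
    after = enumerate_neighbours(store, "mallory", attacker_pid, store.get_fixed)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("vulnerable handler leaked:", before)
    print("fixed handler leaked:", after)
```

Running `demo()` shows the vulnerable handler returning alice's prompt to mallory from ID 1, while the fixed handler returns nothing foreign. Note that `get_fixed` rejects a foreign object with the same "not found" error as a missing one; returning a distinct 403 would let an attacker confirm which IDs exist even when the contents stay hidden.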

Microsoft Unveils $4M 'Zero Day Quest' for AI and Cloud Security
technology · 1 year ago

Microsoft has announced Zero Day Quest, an in-person hacking event focused on AI and cloud security, with $4 million in potential awards for high-impact security flaws. The initiative builds on Microsoft's existing bug bounty program and gives researchers direct access to Microsoft AI engineers and the AI Red Team. The event, set for 2025 at Microsoft's Redmond headquarters, is part of the company's broader security transformation and emphasizes transparency and collaboration in addressing vulnerabilities.

Apple Denies Bug Bounty to Kaspersky Lab
technology · 2 years ago

Apple declined to pay a bug bounty to Kaspersky Lab after the Russian cybersecurity firm disclosed four zero-day vulnerabilities in iPhone software that were allegedly used to spy on Kaspersky employees and Russian diplomats. Kaspersky suggested the attack might have been state-sponsored; Apple denied collaborating with any government on surveillance. The refusal comes amid heightened US-Russia tensions following the invasion of Ukraine.